US2008144836A1PendingUtilityA1

Distributed encryption authentication methods and systems

41
Assignee: SANDERS BARRYPriority: Dec 13, 2006Filed: Dec 13, 2006Published: Jun 19, 2008
Est. expiryDec 13, 2026(~0.4 yrs left)· nominal 20-yr term from priority
H04L 9/085H04L 9/0852
41
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method and system for providing authentication of mutual strangers is provided. For one embodiment, a plurality of routes from an origination node of a network to a recipient node of the network are determined, a portion of the routes is selected, and shares of a random secret key are generated with each share corresponding to one of the routes. Each share of the random secret key is transmitted via the corresponding route. In accordance with one embodiment of the invention, shares of a random key are encoded and the random key is relayed via multiple routes through a network employing a cryptographically strong forward security system. At the destination, shares are recombined to reconstruct the key, and the recipient verifies the integrity of the key with the sender. If the key is intact it is used for authentication or encryption in future communication between the sender and recipient.

Claims

exact text as granted — not AI-modified
1 . A method comprising:
 determining a plurality of routes from a message origination node of a network to a message recipient node of the network;   selecting a portion of the plurality of routes;   generating shares of a random secret key, each share corresponding to one of the routes of the portion of the plurality of routes; and   transmitting each share of the random secret key via the corresponding route.   
   
   
       2 . The method of  claim 1  further comprising:
 receiving the transmitted shares at the destination node; and   using the shares to reconstruct the random secret key.   
   
   
       3 . The method of  claim 1  wherein the network is selected from the group consisting of a physical network and a virtual network. 
   
   
       4 . The method of  claim 2  further comprising:
 verifying that the random secret key was reconstructed properly.   
   
   
       5 . The method of  claim 2  employing an (n, k) secret sharing scheme. 
   
   
       6 . The method of  claim 4  further comprising:
 detecting failure nodes of the network; and   excluding routes that contain failure nodes from the portion of selected routes.   
   
   
       7 . The method of  claim 1  wherein the network implements a cryptographically strong forward security system. 
   
   
       8 . The method of  claim 7  wherein the cryptographically strong forward security system utilizes a quantum key distribution system. 
   
   
       9 . The method of  claim 1  wherein the plurality of routes is dynamically determined. 
   
   
       10 . A network employing a cryptographically strong forward security comprising:
 means for determining a plurality of routes from a message origination node of the network to a message recipient node of the network;   means for selecting a portion of the plurality of routes;   means for generating shares of a random secret key, each share corresponding to one of the routes of the portion of the plurality of routes; and   means transmitting each share of the random secret key via the corresponding route.   
   
   
       11 . The network of  claim 10  further comprising:
 receiving the transmitted shares at the destination node; and   using the shares to reconstruct the random secret key.   
   
   
       12 . The network of  claim 10  wherein the network is selected from the group consisting of a physical network and a virtual network. 
   
   
       13 . The network of  claim 11  further comprising:
 verifying that the random secret key was reconstructed properly.   
   
   
       14 . The network of  claim 10  employing an (n, k) secret sharing scheme. 
   
   
       15 . The network of  claim 13  further comprising:
 detecting failure nodes of the network; and   excluding routes that contain failure nodes from the portion of selected routes.   
   
   
       16 . The network of  claim 10  wherein the network implements a cryptographically strong forward security system. 
   
   
       17 . The network of  claim 16  wherein the cryptographically strong forward security system utilizes a quantum key distribution system. 
   
   
       18 . The network of  claim 10  wherein the plurality of routes is dynamically determined. 
   
   
       19 . A machine-readable medium that provides executable instructions, which when executed by a processor, cause the processor to perform a method, the method comprising:
 determining a plurality of routes from a message origination node of a network to a message recipient node of the network;   selecting a portion of the plurality of routes;   generating shares of a random secret key, each share corresponding to one of the routes of the portion of the plurality of routes; and   transmitting each share of the random secret key via the corresponding route.   
   
   
       20 . The machine-readable medium of  claim 19  further comprising:
 receiving the transmitted shares at the destination node; and   using the shares to reconstruct the random secret key.   
   
   
       21 . The machine-readable medium of  claim 20  wherein the network is selected from the group consisting of a physical network and a virtual network. 
   
   
       22 . The machine-readable medium of  claim 20  further comprising:
 verifying that the random secret key was reconstructed properly.   
   
   
       23 . The machine-readable medium of  claim 19  employing an (n, k) secret sharing scheme. 
   
   
       24 . The machine-readable medium of  claim 22  further comprising:
 detecting failure nodes of the network; and   excluding routes that contain failure nodes from the portion of selected routes.   
   
   
       25 . The machine-readable medium of  claim 19  wherein the network implements a cryptographically strong forward security system. 
   
   
       26 . The machine-readable medium of  claim 25  wherein the cryptographically strong forward security system utilizes a quantum key distribution system. 
   
   
       27 . The machine-readable medium of  claim 19  wherein the plurality of routes is dynamically determined.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.